CVE-2024-34476 identifies a vulnerability in Open5GS, an open-source 5G core network implementation widely used for research, testing, and some production environments. The flaw is a reachable assertion failure in the Access and Mobility Management Function (AMF) triggered by malformed Non-Access Stratum (NAS) messages sent from a User Equipment (UE). The vulnerable code is located in the ogs_nas_encrypt function within the lib/nas/common/security.c source file, where the length field (pkbuf->len) is improperly handled. This improper handling can cause the assertion to fail, crashing the AMF process. The crash results in a denial of service (DoS) condition, disrupting 5G core network operations. The vulnerability does not affect confidentiality or integrity, as it does not allow data leakage or unauthorized modification. It requires no privileges or user interaction and can be exploited remotely over the network by sending crafted NAS messages. The CVSS 3.1 base score is 5.3 (medium severity), reflecting the network attack vector, low complexity, no privileges required, no user interaction, and impact limited to availability. No known exploits have been reported in the wild, and no official patches were linked at the time of disclosure, though upgrading to Open5GS 2.7.1 or later is advised once available. The CWE classification is CWE-805, indicating buffer access with incorrect length value leading to assertion failure.

The primary impact of this vulnerability is a denial of service against the AMF component of the Open5GS 5G core network. An attacker can remotely crash the AMF by sending crafted NAS messages, causing service disruption for subscribers relying on the affected network. This can lead to dropped connections, inability to authenticate or register UEs, and overall degradation of 5G network availability. For organizations operating 5G core networks with Open5GS, this could result in partial or full service outages, affecting end-user experience and potentially violating service level agreements. While it does not compromise data confidentiality or integrity, the availability impact on critical 5G infrastructure can have cascading effects on dependent services and applications. The lack of required authentication or user interaction increases the risk of exploitation, especially in environments where Open5GS is exposed to untrusted networks or where UE message validation is insufficient. The absence of known exploits in the wild reduces immediate risk but does not eliminate the threat, especially as details become public.

To mitigate this vulnerability, organizations should upgrade Open5GS to version 2.7.1 or later once the patch is officially released. Until then, network administrators should implement strict filtering and validation of NAS messages at network boundaries to block malformed or suspicious UE messages that could trigger the assertion failure. Deploying network-level protections such as firewalls or intrusion prevention systems (IPS) configured to detect anomalous NAS traffic patterns can reduce exposure. Monitoring AMF logs and metrics for unexpected crashes or restarts can provide early detection of exploitation attempts. Segmentation of the 5G core network to limit exposure of the AMF to untrusted networks or devices is recommended. Additionally, applying rate limiting on NAS message processing may help mitigate denial of service attempts. Finally, maintain close coordination with Open5GS community and vendors for timely patch releases and security advisories.